1. Home
  2. CVE Database
  3. CVE-2018-20090
HIGH · 8.3

CVE-2018-20090

An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. Authenticated users can bypass project permission checks and gain read-write access to any project folder.

Vulnerability Description

An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. Authenticated users can bypass project permission checks and gain read-write access to any project folder.

CVSS Score

8.3

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
LOW

Affected Products

VendorProductVersions
ClouderaData Science Workbench>= 1.4.0, <= 1.4.2

Related Weaknesses (CWE)

CWE-276

References

FAQ

What is CVE-2018-20090?

CVE-2018-20090 is a vulnerability with a CVSS score of 8.3 (HIGH). An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. Authenticated users can bypass project permission checks and gain read-write access to any project folder.

How severe is CVE-2018-20090?

CVE-2018-20090 has been rated HIGH with a CVSS base score of 8.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-20090?

Check the references section above for vendor advisories and patch information. Affected products include: Cloudera Data Science Workbench.